Grinch Bug May Affect Most Linux Systems

Published: 22/11/2024   Category: security




But newly discovered vulnerability not as urgent as previous open-source bug disclosures.



A new Linux vulnerability -- nicknamed Grinch -- is a mean one that researchers say could affect all Linux systems as well as mobile devices based on the operating system.
There's no patch available yet for the flaw, which could let an attacker escalate privileges on a Linux machine to install malware or conduct other nefarious activity. But this is no Heartbleed or Shellshock moment: Grinch doesn't pose an imminent threat, security experts say, but it should serve as a wake-up call for how Linux systems are configured.
"I think [there's] no need to get distracted from Christmas shopping. This is something that can wait until January," says Johannes Ullrich, director of SANS Internet Storm Center.
Stephen Coty, chief security evangelist for Alert Logic, which discovered the flaw, says so far, there's been no word on the timing of a patch for the bug.
"Anyone who goes with a default configuration of Linux is susceptible to this bug," he says, and he thinks home users or those not very Linux-savvy are most at risk. "We haven't seen any active attacks on it as of yet, and that is why we wanted to get it patched before people started exploiting it."
The flaw lies in the open-source privilege management component polkit (a.k.a. PolicyKit) for Linux, which lets an administrator determine which privileges a user can have while running a specific software application. Alert Logic found that the default configuration of polkit in many Linux-based environments doesn't require any authentication, plus it gives users a group access to admin privileges like installing software without using a password, says SANS's Ullrich.
According to Ullrich, the big takeaway from this bug is that Linux administrators need to better understand and configure the polkit function in the operating system. "Linux distributions haven't done a very good job in pre-configuring polkit safely," he says.
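
For administrators reviewing their own polkit configuration, the following added example (not from the article or from Alert Logic) lists every rule that grants an action with no authentication. It assumes rules in polkit's local-authority `.pkla` file format and does not parse the JavaScript `.rules` files used by newer polkit releases; the sample rules, the `org.example.printing.*` action and the function name `find_passwordless_grants` are constructed for illustration.

```python
import configparser

# Constructed sample in polkit's local-authority (.pkla) format; not from any distribution.
SAMPLE_PKLA = """\
[Wheel may install packages without a password]
Identity=unix-group:wheel
Action=org.freedesktop.packagekit.package-install;org.freedesktop.packagekit.package-remove
ResultAny=no
ResultActive=yes

[Desktop users must authenticate as admin to update]
Identity=unix-group:users
Action=org.freedesktop.packagekit.system-update
ResultAny=auth_admin
ResultActive=auth_admin_keep

[Any local user may manage printers]
Identity=unix-user:*
Action=org.example.printing.*
ResultActive=yes
"""

# A rule can answer separately for any, inactive and active sessions.
RESULT_KEYS = ("ResultAny", "ResultInactive", "ResultActive")


def find_passwordless_grants(pkla_text):
    """Return (section, identity, action, key) for each rule that answers 'yes'."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep key case: .pkla keys are case-sensitive
    parser.read_string(pkla_text)
    findings = []
    for section in parser.sections():
        entry = parser[section]
        # Identity and Action are semicolon-separated lists.
        identities = [i for i in entry.get("Identity", "").split(";") if i]
        actions = [a for a in entry.get("Action", "").split(";") if a]
        for key in RESULT_KEYS:
            if entry.get(key, "").strip().lower() != "yes":
                continue  # "no" and the auth_* values still deny or prompt
            for identity in identities:
                for action in actions:
                    findings.append((section, identity, action, key))
    return findings


if __name__ == "__main__":
    for section, identity, action, key in find_passwordless_grants(SAMPLE_PKLA):
        print(f"[{section}] {identity} -> {action}: {key}=yes (no authentication)")
```

Each finding is a rule to review: either tighten the result to `auth_admin` or confirm that the named group or user is meant to perform that action without a password.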
